package com.wyj.config;

import com.wyj.util.CommunityConstant;
import com.wyj.util.CommunityUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * @author 王永杰
 * @Description 描述 自定义拦截器
 * @since 2022/8/9
 */
@Configuration
public class  SecurityConfig extends WebSecurityConfigurerAdapter implements CommunityConstant {

    // //放过所有的静态资源
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }

    //认证流程 将认证结果存进 SecurityContextHolder 当访问其他页面资源的时候 filter 会查看 存进 S....中的认证结果存在的话
    //那就放行
    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder){

    }

    //授权 规定哪些是可以访问的资源
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 授权
        http.authorizeRequests()
                .antMatchers( //下面这些路径对应的页面 需要登录后才可以访问
                        "/set",//点开设置页面
                        "/upload",//上传头像
                        "/add",//发帖
                        "/add/**",//发私信
                        "/getMessage", //查看私信
                        "/getMessageDetail/**",//查看和某个人的私信
                        "/addMessage",//发送私信
                        "/notice/**",
                        "/like",  //点赞
                        "/follow", //关注
                        "/unfollow"//取关
                )
                .hasAnyAuthority( //对应的角色是 下方
                        AUTHORITY_USER,
                        AUTHORITY_ADMIN,
                        AUTHORITY_MODERATOR
                )
                .anyRequest().permitAll()
                .and().csrf().disable();//取消csrf

        // 权限不够时的处理
        http.exceptionHandling()
                .authenticationEntryPoint(new AuthenticationEntryPoint() {
                    // 没有登录
                    @Override
                    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
                        String xRequestedWith = request.getHeader("x-requested-with");
                        if ("XMLHttpRequest".equals(xRequestedWith)) {
                            response.setContentType("application/plain;charset=utf-8");
                            PrintWriter writer = response.getWriter();
                            writer.write(CommunityUtil.getJsonString(403, "你还没有登录哦!"));
                        } else {
                            response.sendRedirect(request.getContextPath() + "/login");
                        }
                    }
                })
                .accessDeniedHandler(new AccessDeniedHandler() {
                    // 权限不足
                    @Override
                    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
                        String xRequestedWith = request.getHeader("x-requested-with");
                        if ("XMLHttpRequest".equals(xRequestedWith)) {
                            response.setContentType("application/plain;charset=utf-8");
                            PrintWriter writer = response.getWriter();
                            writer.write(CommunityUtil.getJsonString(403, "你没有访问此功能的权限!"));
                        } else {
                            response.sendRedirect(request.getContextPath() + "/denied");
                        }
                    }
                });

        // Security底层默认会拦截/logout请求,进行退出处理，那么就不走我们的默认逻辑
        // 覆盖它默认的逻辑,才能执行我们自己的退出代码.
        //"/securitylogout" 这个请求是假的 让其底层默认拦截的是这个  因为是虚假的所以 我们正确的就不会被拦截到
        http.logout().logoutUrl("/securitylogout");


    }

}
